diff options
author | Chris Wright <chrisw@sous-sol.org> | 2007-06-07 14:25:31 -0700 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2007-06-07 14:25:31 -0700 |
commit | c23e7e4c94647c2c47d2c835b21cc7d745f62d05 (patch) | |
tree | d8b43e5892f39215653a6f31eeb3ad01a5a0f238 | |
parent | 7bd369b1346bf7f15bba42ddf369fb79fe759b50 (diff) |
[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
Use simple_read_from_buffer to avoid possible underflow in
cpuset_tasks_read which could allow user to read kernel memory.
Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-rw-r--r-- | kernel/cpuset.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index f382b0f775e..9e45dd152ae 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c @@ -1751,12 +1751,7 @@ static ssize_t cpuset_tasks_read(struct file *file, char __user *buf, { struct ctr_struct *ctr = file->private_data; - if (*ppos + nbytes > ctr->bufsz) - nbytes = ctr->bufsz - *ppos; - if (copy_to_user(buf, ctr->buf + *ppos, nbytes)) - return -EFAULT; - *ppos += nbytes; - return nbytes; + return simple_read_from_buffer(buf, nbytes, ppos, ctr->buf, ctr->bufsz); } static int cpuset_tasks_release(struct inode *unused_inode, struct file *file) |